I've finally made progress on my efforts to enter the cybersecurity area of IT. I believe the specialty of cybersecurity will be a hugely important segment of business to support the information technology segments of business. This will become a critical selling point and potentially a strategic business advantage for corporations to brag about. The ability of businesses to prevent, detect, and respond to digital threats in the emerging hostile landscape is only beginning to come together. This new threat landscape is way more sophisticated than just scanning for infected files. There are massive 'Ransomware as a service' resellers on the dark web right now. They are building capital and using their pirated gold so they can become more powerful and sophisticated to be able to get away with even bigger booty. The nature of these nefarious businesses, or more accurately syndicates, is that they are dynamic and rarely stick with a single identity for very long. Branding is taking a back seat to collecting money. Once these organizations get large enough, I imagine their branding will last longer as they become more powerful. This ever-changing landscape is exciting and terrifying.

...more to come.

The ever-changing world of digital threats is relentless and immature at this point. I believe it will take many years to develop reliable automated infrastructure that moves fast enough to really get in front of cybersecurity threats in real time. Until that emergence of advantage comes along, we have to look at observed threats and validate each and every one of the file hashes and/or infected files, then build alerts, and then react to those alerts. The automation is within the data acquisition and ingestion phase. Finding these needles in the proverbial haystack seems to be the biggest challenge that cybersecurity professionals have at this point.

I am compiling a list of commonly known reference materials and sites that every cybersecurity professional should have in their 'toolkit' of gadgets. These are data sources and cross-reference materials that can be used to validate assumed threats. The challenge today is to recategorize objects from assumed threats to validated threats. Once that is done, we can scan for activity and objects, compare them against known valid indicators of compromise (IOCs), and then react appropriately.
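
As an added illustration of that assumed-to-validated workflow (example code written for this page, not something from the original post or from any of the sites listed below), here is a small Python script. It parses an IOC feed where each indicator is tagged as "assumed" or "validated", hashes a set of observed objects, raises alerts only on matches against validated indicators, queues matches against assumed ones for a human to check, and lets you promote an indicator once it has been confirmed. The feed lines, file contents and indicator values are all constructed for the example; none of them are real indicators, and the feed format is just an assumed simple comma-separated layout.

```python
"""Small IOC matcher: assumed vs. validated indicators, hash lookups, alerts.

Added example; the feed, objects and indicator values are constructed
sample data for illustration, not real indicators of compromise.
"""
import hashlib
from dataclasses import dataclass


@dataclass
class Indicator:
    ioc_type: str  # "sha256", "md5" or "domain"
    value: str     # normalised (lower-case) indicator value
    source: str    # name of the feed the indicator came from
    status: str    # "assumed" (not yet checked) or "validated"


@dataclass
class Hit:
    object_name: str
    ioc_type: str
    value: str
    source: str
    status: str


# Expected hex length per hash type, used to reject malformed feed lines.
HASH_LENGTHS = {"sha256": 64, "md5": 32}
HEX_DIGITS = set("0123456789abcdef")


def hash_object(data: bytes) -> dict:
    """Digests we match against for one observed object."""
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "md5": hashlib.md5(data).hexdigest()}


def parse_feed(text: str) -> list:
    """Parse a constructed comma-separated feed: type,value,source,status.

    Malformed lines are skipped rather than guessed at, so a bad feed entry
    cannot silently become a 'known' IOC.
    """
    indicators = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 4:
            continue
        ioc_type, value, source, status = parts
        value = value.lower()
        if ioc_type in HASH_LENGTHS:
            if len(value) != HASH_LENGTHS[ioc_type] or not set(value) <= HEX_DIGITS:
                continue  # not a well-formed hash of that type
        elif ioc_type != "domain":
            continue  # indicator type this example does not handle
        if status not in ("assumed", "validated"):
            continue
        indicators.append(Indicator(ioc_type, value, source, status))
    return indicators


def build_index(indicators: list) -> dict:
    """Index indicators by (type, value) so each digest lookup is O(1)."""
    return {(i.ioc_type, i.value): i for i in indicators}


def scan(observed: dict, index: dict) -> tuple:
    """Hash each observed object and look its digests up in the index.

    Returns (alerts, pending): validated matches are alerts to react to;
    assumed matches are queued for an analyst to validate first.
    """
    alerts, pending = [], []
    for name, data in observed.items():
        for ioc_type, digest in hash_object(data).items():
            ind = index.get((ioc_type, digest))
            if ind is None:
                continue
            hit = Hit(name, ioc_type, digest, ind.source, ind.status)
            (alerts if ind.status == "validated" else pending).append(hit)
    return alerts, pending


def promote(index: dict, ioc_type: str, value: str) -> Indicator:
    """Recategorise an indicator from assumed to validated after checking it."""
    ind = index[(ioc_type, value.lower())]  # KeyError if the IOC is unknown
    ind.status = "validated"
    return ind


# Constructed observed objects (name -> bytes), standing in for scanned files.
SAMPLE_OBJECTS = {
    "invoice.pdf.exe": b"constructed sample: pretend dropper A",
    "notes.txt": b"constructed sample: harmless text",
    "update.bin": b"constructed sample: pretend dropper B",
}

# Constructed feed; the hash lines are derived from the sample bytes above so
# the example has something to match. The "not-a-hash" line is deliberately
# malformed to show it being skipped.
SAMPLE_FEED = "\n".join([
    "# type,value,source,status",
    f"sha256,{hash_object(SAMPLE_OBJECTS['invoice.pdf.exe'])['sha256']},feed-a,validated",
    f"md5,{hash_object(SAMPLE_OBJECTS['update.bin'])['md5']},feed-b,assumed",
    "sha256,not-a-hash,feed-a,validated",
    "domain,example-bad.test,feed-c,assumed",
])


if __name__ == "__main__":
    index = build_index(parse_feed(SAMPLE_FEED))
    alerts, pending = scan(SAMPLE_OBJECTS, index)
    print("alerts:", [(h.object_name, h.ioc_type, h.source) for h in alerts])
    print("pending validation:", [(h.object_name, h.ioc_type) for h in pending])
    for h in pending:  # analyst confirms the assumed IOC, then rescan
        promote(index, h.ioc_type, h.value)
    alerts, pending = scan(SAMPLE_OBJECTS, index)
    print("after validation:", len(alerts), "alerts,", len(pending), "pending")
```

The split between `alerts` and `pending` is the point: an unverified feed entry should not page anyone on its own, but it should not be thrown away either. Swapping the constructed `SAMPLE_FEED` for lines pulled from one of the IOC sources listed further down, and `SAMPLE_OBJECTS` for real file contents, is the only change needed to use the same loop on actual data.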

Disclaimer...

I understand that almost all of what cybersecurity professionals are doing is highly sensitive and should be considered secret. There is nothing here that is sensitive or proprietary. This is all public information. I MIGHT open up a comments section on here. Oftentimes there is a lot of garbage bot-driven comments in these discussion boards. We'll see how it goes. This is a pretty low-profile website, so hopefully it's far under the radar of most garbage.

Data sources

https://isc.sans.edu

https://www.cisa.gov/ransomware

https://lists.vmware.com/mailman/listinfo/security-announce

https://www.microsoft.com/en-us/msrc/technical-security-notifications

https://awesomeopensource.com/projects/threat-intelligence

https://www.dan.me.uk

Reference Materials

https://lolbas-project.github.io

https://strontic.github.io/xcyclopedia/

Research links

Misc links

https://msportals.io/?search=

IOCs

https://iris-h.services/pages/dashboard

http://tweettioc.com

https://www.threatminer.org

https://otx.alienvault.com